Comply with accountability requirements that include maintaining a record of
processing activities, conducting data protection impact assessments in appropriate
cases, and abiding by privacy-by-design and privacy-by-default principles